AI-based attacks are increasing in number and threaten critical infrastructures
During the first half of 2023, the Link11 Security Operations Center (LSOC) registered a significant increase in attacks. Compared to the same period last year, the number of DDoS attacks registered in the Link11 network increased by more than 70%. In addition to the increase in quantity, the intensity and complexity of attacks also rose in the first half of the year.
The ongoing armed conflict between Russia and Ukraine has led to a further increase in politically motivated cyberattacks, orchestrated by well-organized perpetrators. The groups “REvil”, “Killnet”, and the hacktivists “Anonymous Sudan”, active since the beginning of this year, have joined forces to form a new hacker collective, the “Darknet Parliament”, in order to combine their offensive capabilities.
Critical infrastructures (CRITIS) in NATO countries are especially at risk as a result of these attacks. In the first half of 2023, DDoS activities reached a new threat level compared to the previous year. The transport, energy, finance, and government sectors are particularly vulnerable to DDoS attacks and in numerous cases lack competitive DDoS protection. Not a month has gone by in the current year without cyberattacks against NATO countries and their critical infrastructure.
In addition to the increasing number of attacks, the LSOC recorded a growing intensity of attacks. High-volume attacks, with bandwidths exceeding 200 Gbps (gigabits per second) every month, were not uncommon. The average bandwidth peak was at 454 Gbps, while the largest attack was stopped at 795 Gbps (H1 2022: 574 Gbps). In parallel, DDoS attacks observed on the Link11 network in 2023 reach their critical volume after an average of just 60 seconds, which can cause systems to fail entirely (2022: 93 seconds).
While the intensity of attacks increased in the first half of the year compared to the same period last year, the average duration of the attacks decreased. As soon as the intended goals cannot be reached, DDoS attacks are swiftly stopped. It seems that hackers are increasingly using artificial intelligence to improve their methods and to modify attack types.
The longest attack in the first half of 2023 lasted 1,444 minutes, or in other words 24 hours and 4 minutes (H1 2022: 981 minutes/16.5 hours). Among popular attack types, the biggest increase is in HTTPS attacks. Their share has grown to 30%, which reflects a significant increase in Layer 7 attacks.
The potential consequences of a “triple extortion” are devastating: attackers threaten a DDoS attack, in the shadow of which the criminals can then infiltrate malware into the system unnoticed or siphon off data. Following the encryption by the inserted ransomware, they either threaten to publish or directly publish the stolen data on the darknet. The flourishing “cybercrime-as-a-service” industry reinforces this trend.
In addition, the rapid increase in smart IoT and cloud technologies further empowers attackers. The perpetrators currently have access to a huge arsenal of botnets, which they know how to deploy optimally with increasingly intelligent attacks. Worldwide, up to 1,000,000 IoT hosts and cloud server instances are active every day. These generate more than 40 percent of all DDoS traffic.
Lisa Fröhlich, company spokesperson at Link11: “Companies and operators of critical infrastructures must understand that the danger of DDoS attacks is ever-present. In addition to the professionalization that has already taken place in 2022, we also see constantly increasing attack numbers in 2023, which massively increases the danger situation.
Artificial intelligence has the potential to further sophisticate DDoS attacks. Lack of awareness and missing investments in competitive protection therefore represent a permanent danger for those affected.”
The full report is available for download on the Link11 website.